Finance the most targeted sector accounting for almost a quarter of all attacks

It took 175 days for EMEA organisations to detect cyber attackers in their networks, FireEye reveals in a new report.

The annual FireEye M-Trends report showed an almost 40% increase in the median dwell time from the same measurement the year before which stood at 106 days. The median dwell time is the duration a threat actor is in an organisation’s environment before they are detected.

“It’s disappointing to see median dwell times increasing significantly in EMEA organisations, particularly with the GDPR deadline just around the corner,” said Stuart McKenzie, vice president of Mandiant at FireEye. “However, on the positive side, we’ve seen a growing number of historic threats uncovered this year that have been active for several hundred days. Detecting these long-lasting attacks is obviously a positive development, but it increases the dwell time statistic.”

Company Articles

The median dwell time globally is 101 days, so EMEA organisations were 2.5 months slower to respond than the global median. However, progress appears to have been made with organisations discovering breaches internally, rather than being notified by law enforcement or another outside source. EMEA median dwell time for internal detection was 24.5 days, down from 83 days in last year’s report. The global statistic for internal detection is 57.5 days.

In 2017, 24% of Mandiant investigations in EMEA involved organisations from the finance sector. This made finance the most targeted sector ahead of government which represented 18%. Business and professional services was the third most targeted sector, involved in 12% of investigations.

FireEye data provides evidence that organisations which have been victims of a targeted compromise are likely to be targeted again. Global data from the past 19 months found that 56% of all FireEye managed detection and response customers who came out of Mandiant incident response support were targeted again by the same or a similarly motivated attack group. Findings also show that at least 49% of customers that had experienced at least one significant attack were successfully attacked again within the next year. In EMEA specifically, 40% of customers who had been affected by a serious breach had multiple significant attacks from multiple groups throughout the year.

The demand for skilled cyber security personnel is continuing to rapidly outpace supply, adding to the existing skills shortage. Industry research data by the National Initiative for Cybersecurity Education (NICE), and insights gained through FireEye engagements throughout 2017, point to the deficit getting worse over the next five years. These findings show that the main areas affected by the skills gap are visibility & detection and incident response. In both of these disciplines, a lack of expertise is causing a potentially costly delay in dealing with malicious activity.